Sign in with FaceCard
FaceCard is a new authentication primitive ā like "Sign in with Google," but using your face instead of a third-party account.
What is FaceCard?
FaceCard is a new type of authentication. Instead of relying on passwords, OAuth providers, or device-locked biometrics, FaceCard lets users sign in to any website or app by looking at their camera.
Think of it like "Sign in with Google" or "Sign in with Apple" ā but instead of trusting a third-party account, the user authenticates with their face. No passwords, no OAuth tokens, no single-provider lock-in. Your face is your credential, and it works everywhere.
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā ā
ā Sign in to your account ā
ā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā email@example.com ā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā ā¢ā¢ā¢ā¢ā¢ā¢ā¢ā¢ ā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā Sign in ā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā
ā āā or āā ā
ā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā š¤ Sign in with FaceCard ā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāUsers click "Sign in with FaceCard," glance at their camera, and they're authenticated in under 2 seconds.
Why FaceCard?
The Problem with Existing Auth
Every current authentication method has significant trade-offs:
- Passwords are forgettable, phishable, reused across sites, and create friction.
- OAuth / Social login (Google, Apple, GitHub) ties your identity to a third-party ecosystem. If that provider goes down or changes their policies, your users lose access.
- Face ID / Windows Hello only work within their respective ecosystems. Switch from iPhone to a work laptop? You're back to passwords.
- Passkeys are promising but have inconsistent browser/device support and confuse users who don't understand the concept.
What FaceCard Does Differently
FaceCard runs entirely in the browser. It uses a 128-dimensional biometric signature extracted client-side using WebGL-accelerated neural networks. No photos are stored. No third-party dependencies. No special hardware required beyond a standard webcam.
| Advantage | How |
|---|---|
| Universal | Works on any device with a camera and a modern browser ā iOS, Android, Mac, Windows, Linux |
| Private | All face processing happens client-side. Only encrypted math vectors are transmitted |
| Self-contained | No dependency on Google, Apple, or any OAuth provider |
| Fast | Average authentication time: 1.8 seconds |
| Secure | 128-dimensional biometric signatures can't be guessed, phished, or reused |
Comparison: FaceCard vs Other Auth Methods
| Feature | FaceCard | Passwords | Passkeys | Face ID | OAuth / Social |
|---|---|---|---|---|---|
| Nothing to remember | ā | ā | ā | ā | ā |
| Cross-platform | ā | ā | ā ļø Partial | ā Apple only | ā |
| No third-party dependency | ā | ā | ā ļø Partial | ā | ā |
| Phishing resistant | ā | ā | ā | ā | ā ļø Partial |
| Works on any device | ā | ā | ā ļø Partial | ā | ā |
| No special hardware | ā | ā | ā Needs FIDO key | ā Needs TrueDepth | ā |
| Biometric security | ā | ā | ā ļø Optional | ā | ā |
| Sub-2 second auth | ā | ā | ā | ā | ā |
| No account lockout risk | ā | ā | ā ļø Partial | ā | ā ļø Partial |
| Privacy-first (no tracking) | ā | ā ļø Partial | ā | ā | ā |
| Works in any browser | ā | ā | ā ļø Partial | ā | ā |
| Self-hostable | ā | ā | ā | ā | ā |
Key Takeaways
- Passwords fail on almost every modern security metric ā phishable, forgettable, slow.
- Passkeys are a step forward but have fragmented device support and confuse non-technical users.
- Face ID is excellent UX but locked to Apple devices. Switch ecosystems and you lose it.
- OAuth is convenient but creates vendor dependency and shares user data with third parties.
- FaceCard combines the UX of Face ID, the universality of passwords, and the privacy of passkeys ā without their respective downsides.
How FaceCard Works Under the Hood
1. User clicks "Sign in with FaceCard"
The website or app renders a FaceCard button using the @facesmash/sdk:
import { FaceSmashProvider, FaceLogin } from '@facesmash/sdk/react';
<FaceSmashProvider config={{ apiUrl: 'https://api.facesmash.app' }}>
<FaceLogin
onResult={(r) => r.success && redirect('/dashboard')}
/>
</FaceSmashProvider>2. Camera activates, face is captured
The SDK activates the user's camera via getUserMedia and captures 3+ frames. Each frame is analyzed for quality (lighting, blur, face size, pose).
3. Biometric signature extracted
The best-quality frame is processed through 5 neural networks running client-side via TensorFlow.js:
Camera frame
ā SSD MobileNet v1 (face detection)
ā FaceLandmark68Net (68-point facial landmark mapping)
ā FaceRecognitionNet (128-D descriptor extraction)
ā Quality analysis (lighting, blur, confidence)
ā Liveness detection (anti-spoofing)The result is a 128-dimensional numeric vector ā a compact mathematical signature of the user's face. This is the FaceCard.
4. Signature compared server-side
The 128-D vector is sent (encrypted) to the server, where it's compared against stored vectors using cosine similarity with adaptive thresholds. If the match exceeds the threshold, the user is authenticated.
5. Adaptive learning
Each successful login optionally stores a new face template, building a richer model of the user's appearance under different conditions (lighting, angles, aging). Accuracy improves over time.
Privacy & Security
FaceCard was designed with privacy as a core constraint, not an afterthought:
- No photos stored ā Raw camera frames never leave the browser. Only compact 128-D numeric vectors are transmitted.
- Client-side processing ā All neural network inference happens in the browser via WebGL. The server never sees raw biometric data.
- AES-256 encryption ā Stored face vectors are encrypted at rest.
- Non-reversible ā It's mathematically impossible to reconstruct a face image from a 128-D descriptor vector.
- No third-party data sharing ā Unlike OAuth, FaceCard doesn't share any user data with external providers.
- Self-hostable ā Run your own PocketBase instance. Your data, your infrastructure, your rules.
Adding FaceCard to Your App
React
npm install @facesmash/sdkimport { FaceSmashProvider, FaceLogin } from '@facesmash/sdk/react';
function LoginPage() {
return (
<FaceSmashProvider config={{ apiUrl: 'https://api.facesmash.app' }}>
<div>
<h1>Sign in</h1>
{/* Traditional login form here */}
<p>ā or ā</p>
{/* FaceCard button */}
<FaceLogin
onResult={(result) => {
if (result.success) {
window.location.href = '/dashboard';
}
}}
/>
</div>
</FaceSmashProvider>
);
}Vanilla JavaScript
import { createFaceSmash } from '@facesmash/sdk';
const client = createFaceSmash({ apiUrl: 'https://api.facesmash.app' });
await client.init();
// When user clicks "Sign in with FaceCard"
const result = await client.login(capturedImages);
if (result.success) {
console.log(`Welcome back, ${result.user.name}!`);
}Next Steps
- Quickstart ā Set up face login in 5 minutes
- React Integration ā Full React guide with FaceCard
- SDK Reference ā Architecture, neural networks, full API
- Custom UI ā Build your own FaceCard button and flow
- Security & Privacy ā Deep dive into biometric data handling